 <?php 


$username = $_POST['username'];
$password = $_POST['password'];

include("opendb.php");
include("functions.php");
$res = isValidUser($username,$password);
if($res!=1) {
echo "0";
exit;
}

$listingid = $_POST['listing_id'];


$query = "select * from Users where Username='".$username."'";
$result = mysql_query($query) or die ("SQL Error".mysql_error());
$row=mysql_fetch_assoc($result);
$userid = $row['ID'];



		$lquery = "select * from PROPERTIES p inner join Prop_Owner_Con c on p.OID = c.Prop_OID where p.OID='".$listingid."' and c.Owner = '".$userid."'";
		$lresult = mysql_query($lquery) or die ("SQL Error".mysql_error());
		$listing_row=mysql_fetch_assoc($lresult);
		if (mysql_num_rows($lresult) === 0)
		{
			echo "101";
			exit;
		}
		$xmlout = "<LISTING>\n\t";
		
		
				
		    $sql = "Select * from Prop_Features where Listing_ID = '".$listingid."'";
			$result = mysql_query($sql) or die ("SQL Error".mysql_error());
			$i=0;
			while($frow=mysql_fetch_assoc($result))
			{
		     $xmlout.= "<feature-$i>".$frow['Feature']."</feature-$i>\n";
			$i++;	
			}

		
		
		$xmlout.= "<STREETNUM>".$listing_row['STREETNUM']."</STREETNUM>\n";
		$xmlout.= "<STREETNAME>".$listing_row['STREETNAME']."</STREETNAME>\n";
		$xmlout.= "<STREETSUFFIX>".$listing_row['STREETSUFFIX']."</STREETSUFFIX>\n";
        $xmlout.= "<LISTSTATUS>".$listing_row['LISTSTATUS']."</LISTSTATUS>\n";
		$xmlout.= "<TITLE>".$listing_row['TITLE']."</TITLE>\n";
		$xmlout.= "<STREETDIR>".$listing_row['STREETDIR']."</STREETDIR>\n";
		
		$pquery = "select * from Street_Suffix";
					$presult = mysql_query($pquery) or die ("SQL Error".mysql_error());
					$i=0;
					while($prop_row=mysql_fetch_assoc($presult))
					{
								$xmlout.= "<streetsuffix-$i>".$prop_row['Name']."~".$prop_row['Value']."</streetsuffix-$i>\n";		
								$i++;
					}

		$xmlout.= "<UNITFLOORNUM>".$listing_row['UNITFLOORNUM']."</UNITFLOORNUM>\n";
		$xmlout.= "<CITY>".$listing_row['CITY']."</CITY>\n";
		$xmlout.= "<STATE>".$listing_row['STATE']."</STATE>\n";
		$xmlout.= "<ZIPCODE>".$listing_row['ZIPCODE']."</ZIPCODE>\n";
		
		
		
		
		
		
		
		$pquery = "select * from Prop_Types";
		
					$presult = mysql_query($pquery) or die ("SQL Error".mysql_error());
					$i=0;
					while($prop_row=mysql_fetch_assoc($presult))
					{
					$xmlout.= "<proptype-$i>".$prop_row['ID']."~".$prop_row['Name']."</proptype-$i>\n";
					$i++;	
					}
		$xmlout.= "<LISTDATE>".$listing_row['LISTDATE']."</LISTDATE>\n";			
		$xmlout.= "<LISTPRICE>".$listing_row['LISTPRICE']."</LISTPRICE>\n";			
		$xmlout.= "<ASSOCFEE>".$listing_row['ASSOCFEE']."</ASSOCFEE>\n";
		$xmlout.= "<BEDS>".$listing_row['BEDS']."</BEDS>\n";
		$xmlout.= "<BATHSFULL>".$listing_row['BATHSFULL']."</BATHSFULL>\n";
		$xmlout.= "<BATHSHALF>".$listing_row['BATHSHALF']."</BATHSHALF>\n";
		$xmlout.= "<BATHSTOTAL>".$listing_row['BATHSTOTAL']."</BATHSTOTAL>\n";
		$xmlout.= "<SQFTTOTAL>".$listing_row['SQFTTOTAL']."</SQFTTOTAL>\n";
		$xmlout.= "<STORIES>".$listing_row['STORIES']."</STORIES>\n";
		$xmlout.= "<PARKINGCOVERED>".$listing_row['PARKINGCOVERED']."</PARKINGCOVERED>\n";
		$xmlout.= "<YEARBUILT>".$listing_row['YEARBUILT']."</YEARBUILT>\n";
		$xmlout.= "<STYLE>".$listing_row['STYLE']."</STYLE>\n";
		$xmlout.= "<MLSNUM>".$listing_row['MLSNUM']."</MLSNUM>\n";
		$xmlout.= "<REMARKS>".$listing_row['REMARKS']."</REMARKS>\n";
		$xmlout.= "<LANDING_PAGE>".$listing_row['LANDING_PAGE']."</LANDING_PAGE>\n";
		$xmlout.= "<VIRTUAL_TOUR_URL>".$listing_row['VIRTUAL_TOUR_URL']."</VIRTUAL_TOUR_URL>\n";
		$xmlout.= "<IVR>".$listing_row['IVR']."</IVR>\n";
		$xmlout.= "<FSBO>".$listing_row['FSBO']."</FSBO>\n";
		
		
		$xmlout.="</listing>";	
		echo $xmlout;
?>